mirrors/takahe
1
1
Fork 0
mirror of https://github.com/jointakahe/takahe.git synced 2024-11-22 15:21:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Implement a client_credentials process for read

Browse source
This commit is contained in:
Andrew Godwin 2023-03-06 15:48:43 -07:00
parent 05992d6553
commit 5ea3d5d143
2 changed files with 20 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
api/middleware.py
View file

@ -17,13 +17,17 @@ class ApiTokenMiddleware:
request.token = None request.token = None
if auth_header and auth_header.startswith("Bearer "): if auth_header and auth_header.startswith("Bearer "):
token_value = auth_header[7:] token_value = auth_header[7:]
try: if token_value == "__app__":
token = Token.objects.get(token=token_value, revoked=None) # Special client app token value
except Token.DoesNotExist: pass
return HttpResponse("Invalid Bearer token", status=400) else:
request.user = token.user try:
request.identity = token.identity token = Token.objects.get(token=token_value, revoked=None)
request.token = token except Token.DoesNotExist:
return HttpResponse("Invalid Bearer token", status=400)
request.user = token.user
request.identity = token.identity
request.token = token
request.session = None request.session = None
response = self.get_response(request) response = self.get_response(request)
return response return response

14
api/views/oauth.py
View file

@ -1,6 +1,7 @@
import base64 import base64
import json import json
import secrets import secrets
import time
from urllib.parse import urlparse, urlunparse from urllib.parse import urlparse, urlunparse
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
@ -169,13 +170,16 @@ class TokenView(View):
return JsonResponse({"error": "invalid_grant_type"}, status=400) return JsonResponse({"error": "invalid_grant_type"}, status=400)
if grant_type == "client_credentials": if grant_type == "client_credentials":
# TODO: Implement client credentials flow # We don't support individual client credential tokens, but instead
# just have a fixed one (since anyone can register an app at any
# time anyway)
return JsonResponse( return JsonResponse(
{ {
"error": "invalid_grant_type", "access_token": "__app__",
"error_description": "client credential flow not implemented", "token_type": "Bearer",
}, "scope": "read",
status=400, "created_at": int(time.time()),
}
) )
elif grant_type == "authorization_code": elif grant_type == "authorization_code":
code = post_data.get("code") code = post_data.get("code")